file-storage
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill provides technical documentation and code snippets for using Tigris Object Storage.
- [DATA_EXFILTRATION]: The skill encourages secure practices by instructing users to store credentials in
.envfiles and explicitly warns against exposing Secret Access Keys to client-side code. - [COMMAND_EXECUTION]: Shell commands are restricted to the official Tigris CLI (
tigrisor its aliast3) for legitimate tasks such as authentication, bucket creation, and access key management. - [INDIRECT_PROMPT_INJECTION]: The skill facilitates reading file content through the SDK's
getmethod. While this introduces a potential surface for indirect prompt injection from stored files, it is a primary function of the storage integration. Standard precautions should be taken when the agent processes data from external sources. - [EXTERNAL_DOWNLOADS]: Dependencies include official vendor packages (
@tigrisdata/storage,@tigrisdata/react) which are standard for the described use case.
Audit Metadata